date:20100923


Native threads cannot be killed and will hang about until complete. You can
find more info on the from website and list.

Russ

On 23 Sep 2010 03:28, Richard Steele r...@photoeye.com wrote:


On CF8 Enterprise, we have set the request timeout to 30 seconds. However,
in Fusion Reactor the request is continuing on way past that time for
certain threads. Why is the request timeout not working? Thanks in advance.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337355
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


The other thing to keep in mind is that u can use the same validation for
client and server esp when using ajar as it's presumably all in a cfc
The database validation is really well covered by using cfqueryparam and
stored pros.

Russ

On 23 Sep 2010 10:00, Matt Quackenbush quackfu...@gmail.com wrote:


If you want to get downright technical about it, the three layers of
validation is an excellent requirement. However, in terms of practicality,
one can get away with only client/server for most applications. Server is an
absolute must, though, as client validations are incredibly simple to
bypass.

Sent from my iPhone




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337356
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

FW: CFGURU: bounce email extractor


Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP,
Macro, don't care which, that will extract a list of email addresses from
bounced emails so I can remove them from my blogs mailing list. I have 200
odd bounces and don't want to process them manually J

 

I found a macro for outlook that was supposed to parse all emails in a
folder and extract to excel, sadly that didn't work.

I then found a php script that connects to a remote mailbox, that also did
not recognise most of the emails as bounces.

Everything else I have found is not FREE, and i'd rather write it myself
before paying for such a thing, so just asking here before I go ahead and do
that.

Anyone used anything like this ?

 

--

Russ Michaels

 

http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ :
B2B hosting, VPS's, Exchange, CF, Railo

www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo
hosting

http://www.michaels.me.uk http://www.michaels.me.uk/
:   My Blog  

skype me
:  russmichaels

 

 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337357
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


 The database validation is really well covered by using cfqueryparam
and stored pros.

...PLUS doing a good job of choosing column datatypes (so that the DB will
throw an exception if you try to insert one into an int column) and
enforcing primary/foreign keys/relationships (so that the DB will throw
exceptions for stuff like deleting a row in a lookup table when that row is
referred to elsewhere, attempting to insert a duplicate primary key, etc).
 Good DB-design leads to database-level validation.


On Thu, Sep 23, 2010 at 4:46 AM, Russ Michaels r...@michaels.me.uk wrote:


 The other thing to keep in mind is that u can use the same validation for
 client and server esp when using ajar as it's presumably all in a cfc
 The database validation is really well covered by using cfqueryparam and
 stored pros.

 Russ

 On 23 Sep 2010 10:00, Matt Quackenbush quackfu...@gmail.com wrote:


 If you want to get downright technical about it, the three layers of
 validation is an excellent requirement. However, in terms of practicality,
 one can get away with only client/server for most applications. Server is
 an
 absolute must, though, as client validations are incredibly simple to
 bypass.

 Sent from my iPhone




 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337358
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

CFFM and TinyMCE?


Anyone using a recent version of CFFM with TinyMCE 3?

Before I spend my time figuring out how to do it, thought I'd ask to
see if anyone had already spent that time and might be willing to
donate the knowledge to the project =)

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337359
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Boardwalk Empire


hah, oops I meant to send this to cf-community =)

On Wed, Sep 22, 2010 at 3:45 PM, Andy Matthews li...@commadelimited.com wrote:

 NO, but it's done in OT.

 -Original Message-
 From: Michael Grant [mailto:mgr...@modus.bz]
 Sent: Wednesday, September 22, 2010 2:26 PM
 To: cf-talk
 Subject: Re: Boardwalk Empire


 Is it done in CF?

 On Wed, Sep 22, 2010 at 3:24 PM, Rick Root rick.r...@gmail.com wrote:


 anyone else watch HBO's new series Boardwalk Empire?  I caught the
 series premier last night, thought it was pretty good.

 Rick





 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337360
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?


I am.  In fact, upgrading from CFFM 1.17 to 1.32 this weekend.  What do you
want to know?

On Thu, Sep 23, 2010 at 6:52 AM, Rick Root rick.r...@gmail.com wrote:


 Anyone using a recent version of CFFM with TinyMCE 3?

 Before I spend my time figuring out how to do it, thought I'd ask to
 see if anyone had already spent that time and might be willing to
 donate the knowledge to the project =)

 Rick

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337361
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread Richard White


thanks for the replies. just so i understand:

lets say the client (extjs) passes over a string to be stored in the database. 
Extjs has checked that it is a string and a length of 50, and that it doesnt 
have any speech marks. the server then tries to insert it into the database 
which has a cfqueryparam that checks it is a string and a max length of 50. do 
you think this is enough validation, or would you do any further checks? do you 
think the server should also check there are no speech marks in the text as 
well?

thanks



 Hi,
 
 when at university i read that it is always best to have 3 layers of 
 validation (client,server,database) which i have been doing in my 
 applications.
 
 I have now built a few web applications using extjs, which i think has 
 excellent validation features. 
 
 I am developing a new web application and starting to wonder why all 
 the additional work is needed to put all the same validation into the 
 server and the database when extjs does so well. 
 
 i understand there must be a lot of security on the server and 
 database, and any variables accepted by the server can have the type 
 attribute set, but is it really necessary to replicate validation on 
 all 3 layers?
 
 i have never had the validation on the server or database fire purely 
 because extjs is so good!
 
 would appreciate others thoughts on this
 
 thanks 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337362
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?

2010-09-23 Thread Kym Kovan


On 23/09/2010 9:52 PM, Rick Root wrote:

 Anyone using a recent version of CFFM with TinyMCE 3?

 Before I spend my time figuring out how to do it, thought I'd ask to
 see if anyone had already spent that time and might be willing to
 donate the knowledge to the project =)

yes, it was not too hard.

I haven't tried the latest cffm version yet but the previous two 
versions went fine except for the issue with paths and the uploadifyer 
thingy in the last version.

I don't have the code in front of me and its late evening here, I'll 
send it directly in the morning...


-- 

Yours,

Kym Kovan
mbcomms.net.au


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337363
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


You probably don't have to do any more speech mark-checking.  Just make sure
that the column in the database is varchar(50) or nvarchar(50) and make sure
that its NULL-ability is set properly and you're done.

On Thu, Sep 23, 2010 at 7:01 AM, Richard White rich...@j7is.co.uk wrote:


 thanks for the replies. just so i understand:

 lets say the client (extjs) passes over a string to be stored in the
 database. Extjs has checked that it is a string and a length of 50, and that
 it doesnt have any speech marks. the server then tries to insert it into the
 database which has a cfqueryparam that checks it is a string and a max
 length of 50. do you think this is enough validation, or would you do any
 further checks? do you think the server should also check there are no
 speech marks in the text as well?

 thanks



  Hi,
 
  when at university i read that it is always best to have 3 layers of
  validation (client,server,database) which i have been doing in my
  applications.
 
  I have now built a few web applications using extjs, which i think has
  excellent validation features.
 
  I am developing a new web application and starting to wonder why all
  the additional work is needed to put all the same validation into the
  server and the database when extjs does so well.
 
  i understand there must be a lot of security on the server and
  database, and any variables accepted by the server can have the type
  attribute set, but is it really necessary to replicate validation on
  all 3 layers?
 
  i have never had the validation on the server or database fire purely
  because extjs is so good!
 
  would appreciate others thoughts on this
 
  thanks


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337364
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?


Thanks... I don't use TinyMCE and the instructions I wrote for
integrating with TinyMCE are probably quite out of date.. I wrote
these instructions (bottom of the readme) for TinyMCE 1.45

http://www.opensourcecf.com/cffm/demo/README.TXT

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337365
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?


Relevant JS looks like this:

function cffmCallback(field_name, url, type, win) {
   // Do custom browser logic
   url =
'#base#cffm.cfm?imagedir=#URLEncodedFormat(imagedir)#editorType=mceEDITOR_RESOURCE_TYPE='
+ type;
   x = 700; // width of window
   y = 500; // height of window
   win2 = win; // don't ask, it works.  win2 ends up being global to the
page, while win is only accessible to the function.
   cffmWindow =
window.open(url,,width=+x+,height=+y+,left=20,top=20,bgcolor=white,resizable,scrollbars,menubar=0);
   if ( cffmWindow != null ) {
  // bring the window to the front
  cffmWindow.focus();
   }
}

tinyMCE.init({
   [snip]
   file_browser_callback : cffmCallback,
   [snip]
});

On Thu, Sep 23, 2010 at 7:12 AM, Kym Kovan dev-li...@mbcomms.net.au wrote:


 On 23/09/2010 9:52 PM, Rick Root wrote:
 
  Anyone using a recent version of CFFM with TinyMCE 3?
 
  Before I spend my time figuring out how to do it, thought I'd ask to
  see if anyone had already spent that time and might be willing to
  donate the knowledge to the project =)

 yes, it was not too hard.

 I haven't tried the latest cffm version yet but the previous two
 versions went fine except for the issue with paths and the uploadifyer
 thingy in the last version.

 I don't have the code in front of me and its late evening here, I'll
 send it directly in the morning...


 --

 Yours,

 Kym Kovan
 mbcomms.net.au


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337366
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


Database validation probably comes into play in a couple ways.

#1 - datatypes and constraints (including things like foreign keys)
provide some level of database validation.
#2 - if you're using stored procedures to perform actions, stored
procedures can sometimes have business logic validation in them as
well.

Of course we all use database validation like #1.  Although I've
written a few stored procedures, I've neve really put any validation
in them.

Server validation protects you against a number of things that client
validation absolutely cannot do.

 - bugs in client side validation
 - hackers/spambots who aren't using the web client that you built and
try to post things directly to your server side scripts, cfcs, etc.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337367
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread enigment

IMO...

- You *always* need server side validation, because as mentioned,
client validation may not always run, and also so you can make an API
available beyond browser front ends.

- If that's true, I prefer to stay DRY and write validation in only
one place, so that means on the server not the client. To work with
that, you probably want to establish infrastructure and conventions to
communicate server-side bus rule failures back to the client for
presentation to the user. For example, our ajax layer includes the
ability to specify mappings of back-end method arguments to a
friendly name you can say to the user (Last name is required, not
last_name), and a list of DOM IDs that should get highlighted in the
UI if the data for that argument is invalid.

Dave

On Thu, Sep 23, 2010 at 8:34 AM, Rick Root rick.r...@gmail.com wrote:

Database validation probably comes into play in a couple ways.

#1 - datatypes and constraints (including things like foreign keys)
provide some level of database validation.
#2 - if you're using stored procedures to perform actions, stored
procedures can sometimes have business logic validation in them as
well.

Of course we all use database validation like #1. Although I've
written a few stored procedures, I've neve really put any validation
in them.

Server validation protects you against a number of things that client
validation absolutely cannot do.

- bugs in client side validation
- hackers/spambots who aren't using the web client that you built and
try to post things directly to your server side scripts, cfcs, etc.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337368
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


On Thu, Sep 23, 2010 at 9:31 AM, enigment enigm...@gmail.com wrote:

 - If that's true, I prefer to stay DRY and write validation in only
 one place, so that means on the server not the client. To work with

http://www.validatethis.org/

Saw a preso on this at CFUnited, looked pretty cool.  It generates
client and server side validation for you.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337369
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?



 - If that's true, I prefer to stay DRY and write validation in only
 one place, so that means on the server not the client.


I'd strongly disagree with this from a usability standpoint. Forcing a user
to hit the server for validation increases user frustration, server load and
bandwidth usage. I realize that both server load and bandwidth are becoming
less and less of an issue as our tech progresses, but the logic is still
sound.


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337370
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: 3 layers of validation?

2010-09-23 Thread DURETTE, STEVEN J (ATTASIAIT)


First off, NEVER NEVER NEVER (should I say it again) assume that the
data hitting the server or the database is coming from your form page.
It is extremely easy for someone to do a view source and find out where
the form data posts to.  Then they can send all sorts of crap at the
server just to see what happens (script kiddies anyone?).  Because of
that you have to do server side validation. 

Client side validation is more for the (wait for it) Client, It's much
nicer to have the page say sorry you put in bad data please fix it
then make them wait for a new page that says please go back and fix your
data.

Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the
only thing that will hit your database. Say someone finds your database
and calls a procedure.  You would really hate it if they passed in
username = 'dummy';drop usertable;--  and your code didn't account for
it. Suddenly your usertable is gone. Always check in each place.

Think of it like a secure military base. You have to get thorough
security at the gate, then you have to go through security at the
building, then you have to go through security to get in the room (if
what is inside is important enough to protect).  At each level the
guards are there to make sure that their specific area is protected.
You can jump the fence, but it's harder to get in the building. If you
find a way into the building, then it's almost impossible to get in the
room.  If you get in the room, no problem, we will shoot you when you
come out! :)

No one level of security can assume that the other has done its job.

Steve


-Original Message-
From: Richard White [mailto:rich...@j7is.co.uk] 
Sent: Thursday, September 23, 2010 8:01 AM
To: cf-talk
Subject: Re: 3 layers of validation?


thanks for the replies. just so i understand:

lets say the client (extjs) passes over a string to be stored in the
database. Extjs has checked that it is a string and a length of 50, and
that it doesnt have any speech marks. the server then tries to insert it
into the database which has a cfqueryparam that checks it is a string
and a max length of 50. do you think this is enough validation, or would
you do any further checks? do you think the server should also check
there are no speech marks in the text as well?

thanks

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337371
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: 3 layers of validation?

2010-09-23 Thread DURETTE, STEVEN J (ATTASIAIT)


And then of course there is always this: http://xkcd.com/327/

I showed that comic to an intern, years ago, who didn't validate his
database inputs and accidentally deleted a whole database because he put
code in the wrong place.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337372
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


Haha, one of my fav xkcd's.

Little Bobby Tables.

On Thu, Sep 23, 2010 at 9:53 AM, DURETTE, STEVEN J (ATTASIAIT) 
sd1...@att.com wrote:


 And then of course there is always this: http://xkcd.com/327/

 I showed that comic to an intern, years ago, who didn't validate his
 database inputs and accidentally deleted a whole database because he put
 code in the wrong place.



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337373
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


On Thu, Sep 23, 2010 at 9:48 AM, DURETTE, STEVEN J (ATTASIAIT)
sd1...@att.com wrote:

 Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the
 only thing that will hit your database. Say someone finds your database
 and calls a procedure.  You would really hate it if they passed in
 username = 'dummy';drop usertable;--  and your code didn't account for
 it. Suddenly your usertable is gone. Always check in each place.

If someone finds your database and executes a stored procedure,
you've got *WAY* bigger problems than application coding.

Ri

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337374
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: 3 layers of validation?

2010-09-23 Thread DURETTE, STEVEN J (ATTASIAIT)


True, but if they have only gotten access to a login that can only run stored 
procedures and your stored procedures do the checks you are a little bit better 
off.

The programmer can't assume that the DBA is doing his job with security and the 
DBA can't assume that the programmer is doing his job with security.  If both 
do their jobs then security should be pretty strong, if not then at least you 
(programmer or DBA) have done everything they can to cover your own butt. 

-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: Thursday, September 23, 2010 10:01 AM
To: cf-talk
Subject: Re: 3 layers of validation?


On Thu, Sep 23, 2010 at 9:48 AM, DURETTE, STEVEN J (ATTASIAIT)
sd1...@att.com wrote:

 Lastly, NEVER assume that your server application (CF, PHP, ASPX) is the
 only thing that will hit your database. Say someone finds your database
 and calls a procedure.  You would really hate it if they passed in
 username = 'dummy';drop usertable;--  and your code didn't account for
 it. Suddenly your usertable is gone. Always check in each place.

If someone finds your database and executes a stored procedure,
you've got *WAY* bigger problems than application coding.

Ri



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337375
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread James Holmes


If ti's done with AJAX the user will likely not notice the difference.

--
WSS4CF - WS-Security framework for CF
http://wss4cf.riaforge.org/



On 23 September 2010 21:46, Michael Grant mgr...@modus.bz wrote:


 - If that's true, I prefer to stay DRY and write validation in only
 one place, so that means on the server not the client.


 I'd strongly disagree with this from a usability standpoint. Forcing a user
 to hit the server for validation increases user frustration, server load and
 bandwidth usage. I realize that both server load and bandwidth are becoming
 less and less of an issue as our tech progresses, but the logic is still
 sound.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337376
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread Ian Skinner


  On 9/23/2010 7:01 AM, Rick Root wrote:
 If someone finds your database and executes a stored procedure,
 you've got *WAY* bigger problems than application coding.

Not necessarily.  The someone just may be some future developer that has 
been tasked to do something new with all this great data your 
application has been collecting for the past years.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337377
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


Um, ok, but what's your point? If the user is working local on the server
they probably won't notice the difference either.


On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.comwrote:


 If ti's done with AJAX the user will likely not notice the difference.

 --
 WSS4CF - WS-Security framework for CF
 http://wss4cf.riaforge.org/



 On 23 September 2010 21:46, Michael Grant mgr...@modus.bz wrote:
 
 
  - If that's true, I prefer to stay DRY and write validation in only
  one place, so that means on the server not the client.
 
 
  I'd strongly disagree with this from a usability standpoint. Forcing a
 user
  to hit the server for validation increases user frustration, server load
 and
  bandwidth usage. I realize that both server load and bandwidth are
 becoming
  less and less of an issue as our tech progresses, but the logic is still
  sound.

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337378
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: 3 layers of validation?

2010-09-23 Thread Justin Scott


 thanks for the replies. just so i understand:

My philosophy is that it simply should not be possible for anyone (user,
bot, whatever) to generate a ColdFusion error (which by extension means
database errors since they are expressed through the CF error handler).
This means very strong server side validation and gracefully handing error
conditions back to the user.  In some cases, instead of returning an error
we just assume reasonable defaults and force the submitted value to either
be a valid selection or the default we select.

For example, for an e-mail address field we would param the form field, trim
it, ensure a value is present, test that value against the isValid()
function with the email type to ensure a proper format, then check the
length against the database varchar field length.  If it's too long we can
return an error to the user and ask for a different address (and optionally
notify someone that perhaps we should increase the field size).

For something like a checkbox with a form value of 1, we might do:

cfset form.field = min(abs(val(trim(form.field))), 1) /

This forces the value to either be 0 or 1 no matter what was submitted by
the user/bot/whatever.  We follow that up with a CFQUERYPARAM on the
database call with a type of bit, and it will always pass through gracefully
(assuming there were no other error conditions).

Yes, that's a lot of work to do, but it's not that hard to develop a
validation routine to abstract it all away and automate the process (someone
mentioned validatethis, which does a great job of this).

Once the server-side is locked down you can focus on the client-side
validation.  This gives you two benefits:

1) The core of your site will function without JavaScript.  This is great
for that small fraction of paranoid or annoyed users who simply turn it off.

2) More importantly, it will help protect the site against malware attacks,
bots, security scanners, and the like, all of which simply ignore your
client-side validation and send whatever they want to the server.

When your client decides to add e-commerce down the road and you're getting
scanned by McAfee or SecurityMetrics on a regular basis you will appreciate
all that validation as it will handle all the crap that the scanners throw
at the forms without breaking a sweat.  Cleaning up database tables after
6,000 junk entries got inserted because you relied on client-side validation
(and even so-called database validation as long as the strings weren't too
long and the right data types) is really not fun and entirely preventable.


-Justin



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337379
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread James Holmes


You said that server side validation creates user frustration. My
point was that this isn't true if the validation is done server side
via AJAX, since that provides client-side validation but with a single
set of server-side logic.

--
WSS4CF - WS-Security framework for CF
http://wss4cf.riaforge.org/



On 23 September 2010 22:21, Michael Grant mgr...@modus.bz wrote:

 Um, ok, but what's your point? If the user is working local on the server
 they probably won't notice the difference either.


 On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.comwrote:


 If ti's done with AJAX the user will likely not notice the difference.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337380
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?


Ideologically, sure. What would your workflow be for this logically though?
And how do you mitigate part two and three of my statement?


On Thu, Sep 23, 2010 at 10:53 AM, James Holmes james.hol...@gmail.comwrote:


 You said that server side validation creates user frustration. My
 point was that this isn't true if the validation is done server side
 via AJAX, since that provides client-side validation but with a single
 set of server-side logic.

 --
 WSS4CF - WS-Security framework for CF
 http://wss4cf.riaforge.org/



 On 23 September 2010 22:21, Michael Grant mgr...@modus.bz wrote:
 
  Um, ok, but what's your point? If the user is working local on the server
  they probably won't notice the difference either.
 
 
  On Thu, Sep 23, 2010 at 10:12 AM, James Holmes james.hol...@gmail.com
 wrote:
 
 
  If ti's done with AJAX the user will likely not notice the difference.

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337381
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

cfinsert/cfupdate


I've been trying to convince one of my friends that using cfinsert and
cfupdate is a bad idea.

I recently told him that real CF programmers don't use cfinsert and
cfupdate :)  He responded with this:

CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making
it just as safe as a regular cfquery, but minus all the clunky code
needed to create the query.  Actually, scratch that, both queries,
since without them you have to maintain both the insert and update
statements separately if you add a new form field to a form.  cfinsert
can do in one line of code what otherwise could be hundreds, not to
mention saving you all the ridiculous potential errors from not having
commas in the correct place, accidentally using or not using quotes,
or mis-matching insert values since the syntax of inserts is different
from updates and the two lines you need to add can often be quite far
apart.  Call me proud to not be a real cf programmer.

I just don't know how to respond to this.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337382
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

Direct him to Microsoft Front Page or Dreamweaver if he feels like giving up
all his granular control.

For me I like to be able to have as much control over my query statements as
possible. It makes it easier to read/understand and to see EXACTLY what is
being sent to the db.

Sounds to me like your friend is just lazy.

On Thu, Sep 23, 2010 at 11:08 AM, Rick Root rick.r...@gmail.com wrote:

I've been trying to convince one of my friends that using cfinsert and
cfupdate is a bad idea.

I recently told him that real CF programmers don't use cfinsert and
cfupdate :) He responded with this:

CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making
it just as safe as a regular cfquery, but minus all the clunky code
needed to create the query. Actually, scratch that, both queries,
since without them you have to maintain both the insert and update
statements separately if you add a new form field to a form. cfinsert
can do in one line of code what otherwise could be hundreds, not to
mention saving you all the ridiculous potential errors from not having
commas in the correct place, accidentally using or not using quotes,
or mis-matching insert values since the syntax of inserts is different
from updates and the two lines you need to add can often be quite far
apart. Call me proud to not be a real cf programmer.

I just don't know how to respond to this.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337383
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

re: cfinsert/cfupdate

2010-09-23 Thread Jason Fisher


Well, he's completely right, of course.  Personally, I really like to have the 
control over my SQL statements, just like I do over my other code, so I write 
them out.  Allows me to test for NULLs (empty integer fields, for example) or 
to build computed fields or wrap sequences of queries in cftransaction or 
whatever.  But, that being said, it seems like cfinsert / cfupdate have gotten 
better since the bad old days where they were truly scary.  I don't use the 
tags personally and I don't plan to, but your friend's arguments seem sound.

- Jason
Smokey the Bearâs rules for fire safety also apply to government: Keep it 
small, keep it in a confined area, and keep an eye on it.




From: Rick Root rick.r...@gmail.com
Sent: Thursday, September 23, 2010 11:09 AM
To: cf-talk cf-talk@houseoffusion.com
Subject: cfinsert/cfupdate

I've been trying to convince one of my friends that using cfinsert and
cfupdate is a bad idea.

I recently told him that real CF programmers don't use cfinsert and
cfupdate :)  He responded with this:

CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making
it just as safe as a regular cfquery, but minus all the clunky code
needed to create the query.  Actually, scratch that, both queries,
since without them you have to maintain both the insert and update
statements separately if you add a new form field to a form.  cfinsert
can do in one line of code what otherwise could be hundreds, not to
mention saving you all the ridiculous potential errors from not having
commas in the correct place, accidentally using or not using quotes,
or mis-matching insert values since the syntax of inserts is different
from updates and the two lines you need to add can often be quite far
apart.  Call me proud to not be a real cf programmer.

I just don't know how to respond to this.

Rick



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337384
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


I also used to think that cfinsert and cfupdate were rubbish, then when I
actually used them properly one day I came to a similar conclusion as your
friend.
They certainly can be very handy and time saving tags when working with
simple update/insert from forms as they directly convert form field names
into column names and do everything for you.
Where they obviously fall down is where you need to use conditional logic in
your query to determine what values may or may not be used or where you may
be using values that didn't come from the form.

So I'd say he is right in the broadest sense, and these tags are especially
good for newbies and developers who just learn a small set of CFML tags or
use the dreamweaver builders and tools to generate code and probably never
going to get into OOP or ORM.


Regards
--
Russ Michaels
my blog: http://russ.michaels.me.uk/
skype: russmichaels
MSM: r...@michaels.me.uk



-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: 23 September 2010 16:09
To: cf-talk
Subject: cfinsert/cfupdate


I've been trying to convince one of my friends that using cfinsert and
cfupdate is a bad idea.

I recently told him that real CF programmers don't use cfinsert and
cfupdate :)  He responded with this:

CF8 uses cfqueryparam inside all cfinsert/cfupdate statements, making
it just as safe as a regular cfquery, but minus all the clunky code
needed to create the query.  Actually, scratch that, both queries,
since without them you have to maintain both the insert and update
statements separately if you add a new form field to a form.  cfinsert
can do in one line of code what otherwise could be hundreds, not to
mention saving you all the ridiculous potential errors from not having
commas in the correct place, accidentally using or not using quotes,
or mis-matching insert values since the syntax of inserts is different
from updates and the two lines you need to add can often be quite far
apart.  Call me proud to not be a real cf programmer.

I just don't know how to respond to this.

Rick



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337385
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate


It seems to me that using cfinsert and cfupdate is a security risk.  I
mean, what if I wrote a script to post the form with additional form
fields?  I mean, people don't always know your db structure but they
can guess at things sometimes.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337386
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate


On Thu, Sep 23, 2010 at 11:19 AM, Russ Michaels r...@michaels.me.uk wrote:

 So I'd say he is right in the broadest sense, and these tags are especially
 good for newbies and developers who just learn a small set of CFML tags or

Sadly, he's a 10 year veteran CF programmer.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337387
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


That applies across the board Rick, to any sql in any code on any site. If
you have not taken measures to stop that kind of thing then you are
vulnerable regardless.
But it is just as easy to put a stop to that if your using cfinsert and
cfupdate.
You can SCAN the FORM scope and simply remove anything that shouldn't be
there or simply do not execute the SQL code if you think the request did not
come form the original form.

Russ


-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: 23 September 2010 16:21
To: cf-talk
Subject: Re: cfinsert/cfupdate


It seems to me that using cfinsert and cfupdate is a security risk.  I
mean, what if I wrote a script to post the form with additional form
fields?  I mean, people don't always know your db structure but they
can guess at things sometimes.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337388
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate


How does Coldfusion manufacturer the queryparams?  It must inspect the
database to determine field types...  I wonder if that's a performance
hit...

I just hate not knowing what the hell its doing.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337389
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate

I wasn't saying the tags are no good for veterans, just who they are
predominantly aimed at. The average developer I have found quite sucks at
SQL and database design.

-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: 23 September 2010 16:24
To: cf-talk
Subject: Re: cfinsert/cfupdate

On Thu, Sep 23, 2010 at 11:19 AM, Russ Michaels r...@michaels.me.uk wrote:

 So I'd say he is right in the broadest sense, and these tags are
especially
 good for newbies and developers who just learn a small set of CFML tags or

Sadly, he's a 10 year veteran CF programmer.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337390
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate

2010-09-23 Thread Justin Scott


 For me I like to be able to have as much control over my
 query statements as possible. It makes it easier to read/
 understand and to see EXACTLY what is being sent to the db.

While I generally agree with that sentiment, ORM does the same thing on a
more grand scale, and I haven't seen anyone railing against using that
technology.  Personally it's been many years since I last looked at
cfinsert/cfupdate, but if the queries that they generate are 'safe' then it
might be worth taking another look at as an option to use where appropriate.


-Justin



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337391
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


Well if you turn on full debugging then u can see the sql statements, you
could also enable SQL profiling on the sql server to see what was going on
if you really wanted to know.
Yes it introspects the database to get the metadata it needs, I did do some
performance testing once and did not find any significant performance
issues.

Russ

-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: 23 September 2010 16:25
To: cf-talk
Subject: Re: cfinsert/cfupdate


How does Coldfusion manufacturer the queryparams?  It must inspect the
database to determine field types...  I wonder if that's a performance
hit...

I just hate not knowing what the hell its doing.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337392
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate


On Thu, Sep 23, 2010 at 11:24 AM, Russ Michaels r...@michaels.me.uk wrote:

 That applies across the board Rick, to any sql in any code on any site. If

No, it certainly doesn't.  If you write the SQL, they can't post
additional form fields that you're not expecting and have them get
into your SQL statement.


 You can SCAN the FORM scope and simply remove anything that shouldn't be
 there or simply do not execute the SQL code if you think the request did not
 come form the original form.

Well sure but that kinda defeats the purpose of the simplicity of these tags.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337393
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate

That's a good point I didn't consider that ORM is just doing the same thing.
And I bet you are all happily using Transfer and Reactor in the same way.

Russ

-Original Message-
From: Justin Scott [mailto:jscott-li...@gravityfree.com] 
Sent: 23 September 2010 16:27
To: cf-talk
Subject: RE: cfinsert/cfupdate

 For me I like to be able to have as much control over my
 query statements as possible. It makes it easier to read/
 understand and to see EXACTLY what is being sent to the db.

While I generally agree with that sentiment, ORM does the same thing on a
more grand scale, and I haven't seen anyone railing against using that
technology.  Personally it's been many years since I last looked at
cfinsert/cfupdate, but if the queries that they generate are 'safe' then it
might be worth taking another look at as an option to use where appropriate.

-Justin

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337394
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


Rick,

Saying those tags are ok to use is not promoting people to write insecure
applications and I certainly would not imply that. Protecting your
application against SQL/XSS attacks is something you should do regardless,
so I would not say it defeats the point at all, otherwise you could say the
same about ORM or any other framework because you still have to write code
of your own to make it do what you want. These things are there to aid in
your development and speed things up, not to be some magic bullet that you
can rely on to do everything for you.  
However in order for that to happen the developer has to actually know what
these things are and that he has to protect against them, and the typical
newbie is not going to know this, so it is really a moot point.

Russ

-Original Message-
From: Rick Root [mailto:rick.r...@gmail.com] 
Sent: 23 September 2010 16:28
To: cf-talk
Subject: Re: cfinsert/cfupdate


On Thu, Sep 23, 2010 at 11:24 AM, Russ Michaels r...@michaels.me.uk wrote:

 That applies across the board Rick, to any sql in any code on any site. If

No, it certainly doesn't.  If you write the SQL, they can't post
additional form fields that you're not expecting and have them get
into your SQL statement.


 You can SCAN the FORM scope and simply remove anything that shouldn't be
 there or simply do not execute the SQL code if you think the request did
not
 come form the original form.

Well sure but that kinda defeats the purpose of the simplicity of these
tags.

Rick



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337395
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread Tony Bentley


You should be doing client side validation of type checking with javascript
not ajax calls to the server. It makes sense to make a call to check the
database for duplicates or other non-type-checking validation but for simple
checks I can't imagine trying to build a system that calls the server every
time an input field changes state. This is much easier to check in
javascript due to the universal nature of forms. There are only so many form
element types so we can make functions that have universal behaviors to
those elements and use custom scripts that can check for other definitions
like max length, min length, min of 3 in the collection, etc. You should do
strict type checking all the way to your database. Your input field value
should be checked in every transfer from one method to the other (e.g., form
post javascript method to cfc validation method to cfc object collection to
cfc dbproxy method to the database stored procedure, etc). If there is an
error, the server should throw an error. The client should be able to handle
that error and deliver the message or respond accordingly.


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337396
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate

2010-09-23 Thread Jason Fisher


Actually, I don't use ORM for much the same reason I don't use cfinsert / 
cfupdate.  I still like to craft my SQL and I often have complex relationships 
that are easy to write in SQL and a PITA to model in an ORM.

- Jason
Smokey the Bearâs rules for fire safety also apply to government: Keep it 
small, keep it in a confined area, and keep an eye on it.




From: Russ Michaels r...@michaels.me.uk
Sent: Thursday, September 23, 2010 11:30 AM
To: cf-talk cf-talk@houseoffusion.com
Subject: RE: cfinsert/cfupdate

That's a good point I didn't consider that ORM is just doing the same thing.
And I bet you are all happily using Transfer and Reactor in the same way.

Russ

-Original Message-
From: Justin Scott [mailto:jscott-li...@gravityfree.com] 
Sent: 23 September 2010 16:27
To: cf-talk
Subject: RE: cfinsert/cfupdate

 For me I like to be able to have as much control over my
 query statements as possible. It makes it easier to read/
 understand and to see EXACTLY what is being sent to the db.

While I generally agree with that sentiment, ORM does the same thing on a
more grand scale, and I haven't seen anyone railing against using that
technology.  Personally it's been many years since I last looked at
cfinsert/cfupdate, but if the queries that they generate are 'safe' then it
might be worth taking another look at as an option to use where appropriate.

-Justin



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337397
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

I feel exactly the same way and still write my SQL statements myself. IMO
it's necessary when you start getting into multiple advanced joins, computed
columns and inline equations.

On Thu, Sep 23, 2010 at 11:38 AM, Jason Fisher ja...@wanax.com wrote:

Actually, I don't use ORM for much the same reason I don't use cfinsert /
cfupdate. I still like to craft my SQL and I often have complex
relationships that are easy to write in SQL and a PITA to model in an ORM.

- Jason
Smokey the Bears rules for fire safety also apply to government: Keep it
small, keep it in a confined area, and keep an eye on it.

From: Russ Michaels r...@michaels.me.uk
Sent: Thursday, September 23, 2010 11:30 AM
To: cf-talk cf-talk@houseoffusion.com
Subject: RE: cfinsert/cfupdate

That's a good point I didn't consider that ORM is just doing the same
thing.
And I bet you are all happily using Transfer and Reactor in the same way.

Russ

-Original Message-
From: Justin Scott [mailto:jscott-li...@gravityfree.com]
Sent: 23 September 2010 16:27
To: cf-talk
Subject: RE: cfinsert/cfupdate

For me I like to be able to have as much control over my
query statements as possible. It makes it easier to read/
understand and to see EXACTLY what is being sent to the db.

While I generally agree with that sentiment, ORM does the same thing on a
more grand scale, and I haven't seen anyone railing against using that
technology. Personally it's been many years since I last looked at
cfinsert/cfupdate, but if the queries that they generate are 'safe' then it
might be worth taking another look at as an option to use where
appropriate.

-Justin

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337398
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: CFGURU: bounce email extractor

2010-09-23 Thread Brook Davies

I use http://www.boogietools.com/Products/Windows/BoogieBounceAPI/
and it works good.. 

Brook

-Original Message-
From: Russ Michaels [mailto:r...@michaels.me.uk] 
Sent: September-23-10 3:33 AM
To: cf-talk
Subject: FW: CFGURU: bounce email extractor

Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP,
Macro, don't care which, that will extract a list of email addresses from
bounced emails so I can remove them from my blogs mailing list. I have 200
odd bounces and don't want to process them manually J

I found a macro for outlook that was supposed to parse all emails in a
folder and extract to excel, sadly that didn't work.

I then found a php script that connects to a remote mailbox, that also did
not recognise most of the emails as bounces.

Everything else I have found is not FREE, and i'd rather write it myself
before paying for such a thing, so just asking here before I go ahead and do
that.

Anyone used anything like this ?

--

Russ Michaels

http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ :
B2B hosting, VPS's, Exchange, CF, Railo

www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo
hosting

http://www.michaels.me.uk http://www.michaels.me.uk/
:   My Blog  

skype me
:  russmichaels

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337399
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: CFGURU: bounce email extractor

2010-09-23 Thread Brook Davies

Oops, missed the free requirement, sorry..

-Original Message-
From: Russ Michaels [mailto:r...@michaels.me.uk] 
Sent: September-23-10 3:33 AM
To: cf-talk
Subject: FW: CFGURU: bounce email extractor

Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP,
Macro, don't care which, that will extract a list of email addresses from
bounced emails so I can remove them from my blogs mailing list. I have 200
odd bounces and don't want to process them manually J

I found a macro for outlook that was supposed to parse all emails in a
folder and extract to excel, sadly that didn't work.

I then found a php script that connects to a remote mailbox, that also did
not recognise most of the emails as bounces.

Everything else I have found is not FREE, and i'd rather write it myself
before paying for such a thing, so just asking here before I go ahead and do
that.

Anyone used anything like this ?

--

Russ Michaels

http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ :
B2B hosting, VPS's, Exchange, CF, Railo

www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo
hosting

http://www.michaels.me.uk http://www.michaels.me.uk/
:   My Blog  

skype me
:  russmichaels

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337400
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?

2010-09-23 Thread Kelly Matthews


Hey John!
Thanks! Worked like a charm!!! :) 
Kelly

 Relevant JS looks like this:
 
 function cffmCallback(field_name, url, type, win) {
   
 // Do custom browser logic
   
 url =
 '#base#cffm.
cfm?imaged 
ir=#URLEncodedFormat(imagedir)#editorType=mceEDITOR_RESOURCE_TYPE='
 + type;
   
 x = 700; // width of window
   
 y = 500; // height of window
   
 win2 = win; // don't ask, it works.  win2 ends up being global to the
 page, while win is only accessible to the function.
   
 cffmWindow =
 window.open(url,,width=+x+,height=+y+,left=20,top=20,
 bgcolor=white,resizable,scrollbars,menubar=0);
   
 if ( cffmWindow != null ) {
  
 // bring the window to the front
  
 cffmWindow.focus();
   
 }
 }
 
 tinyMCE.init({
   
 [snip]
   
 file_browser_callback : cffmCallback,
   
 [snip]
 });
 
 On Thu, Sep 23, 2010 at 7:12 AM, Kym Kovan dev-li...@mbcomms.net.au 
 wrote:
 
 
  On 23/09/2010 9:52 PM, Rick Root wrote:
  
   Anyone using a recent version of CFFM with TinyMCE 3?
  
   Before I spend my time figuring out how to do it, thought I'd ask 
 to
   see if anyone had already spent that time and might be willing to
   donate the knowledge to the project =)
 
  yes, it was not too hard.
 
  I haven't tried the latest cffm version yet but the previous two
  versions went fine except for the issue with paths and the 
 uploadifyer
  thingy in the last version.
 
  I don't have the code in front of me and its late evening here, 
 I'll
  send it directly in the morning...
 
 
  --
 
  Yours,
 
  Kym Kovan
  mbcomms.net.au
 
 
  


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337401
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread Richard White

thanks for all the replies.

I like your philosphy justin and like the way you talked about routines and
procedures that will eventually become part of the development process and
therefore not take up additional time or effort.

Thanks again

thanks for the replies. just so i understand:

My philosophy is that it simply should not be possible for anyone (user,
bot, whatever) to generate a ColdFusion error (which by extension means
database errors since they are expressed through the CF error handler).
This means very strong server side validation and gracefully handing error
conditions back to the user. In some cases, instead of returning an error
we just assume reasonable defaults and force the submitted value to either
be a valid selection or the default we select.

For example, for an e-mail address field we would param the form field, trim
it, ensure a value is present, test that value against the isValid()
function with the email type to ensure a proper format, then check the
length against the database varchar field length. If it's too long we can
return an error to the user and ask for a different address (and optionally
notify someone that perhaps we should increase the field size).

For something like a checkbox with a form value of 1, we might do:

cfset form.field = min(abs(val(trim(form.field))), 1) /

This forces the value to either be 0 or 1 no matter what was submitted by
the user/bot/whatever. We follow that up with a CFQUERYPARAM on the
database call with a type of bit, and it will always pass through gracefully
(assuming there were no other error conditions).

Yes, that's a lot of work to do, but it's not that hard to develop a
validation routine to abstract it all away and automate the process (someone
mentioned validatethis, which does a great job of this).

Once the server-side is locked down you can focus on the client-side
validation. This gives you two benefits:

1) The core of your site will function without JavaScript. This is great
for that small fraction of paranoid or annoyed users who simply turn it off.

2) More importantly, it will help protect the site against malware attacks,
bots, security scanners, and the like, all of which simply ignore your
client-side validation and send whatever they want to the server.

When your client decides to add e-commerce down the road and you're getting
scanned by McAfee or SecurityMetrics on a regular basis you will appreciate
all that validation as it will handle all the crap that the scanners throw
at the forms without breaking a sweat. Cleaning up database tables after
6,000 junk entries got inserted because you relied on client-side validation
(and even so-called database validation as long as the strings weren't too
long and the right data types) is really not fun and entirely preventable.

-Justin

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337402
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: 3 layers of validation?

2010-09-23 Thread Dave Watts


 I must admit I have never heard of validation on the database before, and I
 am not sure how one would actually do that.

Triggers, stored procedures, proper usage of data domains - there are
lots of ways to implement validation at the database.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337403
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

2010-09-23 Thread Dave Watts


 No, it certainly doesn't.  If you write the SQL, they can't post
 additional form fields that you're not expecting and have them get
 into your SQL statement.

If I recall correctly, you can limit the form fields used by
CFINSERT/CFUPDATE using the FORMFIELDS attribute. So that's not a big
deal as long as those fields are explicitly specified.

In general, unless you have control over coding standards in your
organization, I suspect you're not going to win this battle.
Personally, I don't like them and haven't used them outside of a
classroom - and even then, that was many years ago - but I don't think
there's a significant difference in performance or security. There may
be a bit of a performance hit for CF to identify SQL data types, but I
can't imagine that's significant.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337404
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: CFGURU: bounce email extractor

I see there is a FREE trial, so I might be able to use it for this onetime
issue. 

-Original Message-
From: Brook Davies [mailto:cft...@logiforms.com] 
Sent: 23 September 2010 16:52
To: cf-talk
Subject: RE: CFGURU: bounce email extractor

I use http://www.boogietools.com/Products/Windows/BoogieBounceAPI/
and it works good.. 

Brook

-Original Message-
From: Russ Michaels [mailto:r...@michaels.me.uk] 
Sent: September-23-10 3:33 AM
To: cf-talk
Subject: FW: CFGURU: bounce email extractor

Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP,
Macro, don't care which, that will extract a list of email addresses from
bounced emails so I can remove them from my blogs mailing list. I have 200
odd bounces and don't want to process them manually J

I found a macro for outlook that was supposed to parse all emails in a
folder and extract to excel, sadly that didn't work.

I then found a php script that connects to a remote mailbox, that also did
not recognise most of the emails as bounces.

Everything else I have found is not FREE, and i'd rather write it myself
before paying for such a thing, so just asking here before I go ahead and do
that.

Anyone used anything like this ?

--

Russ Michaels

http://www.bluethunderinternet.com http://www.bluethunderinternet.com/ :
B2B hosting, VPS's, Exchange, CF, Railo

www.cfmldeveloper.com : CFML community, FREE ColdFusion/Railo
hosting

http://www.michaels.me.uk http://www.michaels.me.uk/
:   My Blog  

skype me
:  russmichaels

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337405
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: CFFM and TinyMCE?


What she said.. thanks John (and all)

I copied your code into the inspiring topic on my forums that led me
to post this thread to cf-talk :)

http://www.opensourcecf.com/forums/messages.cfm?messageid=F6E3048F-8D83-4B7A-839E1E4D6C462DA1

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337406
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


Some good points were made, on both sides. I am almost thinking about switching 
sides ... not.  

But on a more neutral note, there are a few small considerations that might 
also affect the decision to use one or the other. ie Do you need any of the 
following functionality

1) Retrieve an identity/autoincrement value from an INSERT 
2) Return the number of records affected by an UPDATE 
3) (Also, from a recent question on the adobe forums..) Do you need to 
handle/escape invalid column names?

My guess would be these features are not supported with cfinsert/cfupdate. 
But I do not know for certain.

-Leigh



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337407
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

2010-09-23 Thread Jacob Munson

How does Coldfusion manufacturer the queryparams? It must inspect the
database to determine field types... I wonder if that's a performance
hit...

I don't know the deep technical details, but I do know that many people
argue that using query params actually gives you a performance benefit over
plain SQL (although a lot of people disagree). Regardless of the debate
over which method is faster, the way it works is if you query param ALL of
your variables (including values in the SQL that don't come from CF),
ColdFusion will create what is called a prepared statement (sometimes called
a parameterized statement, or bind parameter). From what I understand, the
way this works is that ColdFusion compiles your query down to machine code
that the DB just executes. If you don't query param every value, the DB has
to compile the statement, which includes syntax checking and all that jazz.

That said, this does not work if you don't use cfqueryparams for
everything. For example, this query would NOT be a prepared statement (from
what I understand):

cfquery name=bday datasource=#myDSN#
select birthDate
from familyGroups
where child = cfqueryparam value=#form.children#
cfsqltype=cf_sql_varchar
and stillMinor = 1
/cfquery

The reason that it would not be a prepared statement is because of the
stillMinor = 1 part. Even though that is a static value that never
changes, you still want to cfqueryparam that if you want your sql to be
compiled to a prepared statement. Otherwise the DB server will still have
to do the work when it receives the SQL query from ColdFusion.

At least, that is how I understand things. If anybody sees a flaw in my
explanation, feel free to jump in and correct me.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337408
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

2010-09-23 Thread denstar


On Thu, Sep 23, 2010 at 9:50 AM, Michael Grant wrote:

 +1

 I feel exactly the same way and still write my SQL statements myself. IMO
 it's necessary when you start getting into multiple advanced joins, computed
 columns and inline equations.

This is actually where ORM shines.

You can do *crazy awesome* stuff with Hibernate.

You can model your model in a variety of ways, that can make things
really easy from a programming perspective.

It's like learning a new language tho, and a lot of it can still end
up being DB specific, so... eh.

I bet very few people are using HBM files, where a lot of the magic happens.

:Den

-- 
Through shallow intellect, the mind becomes shallow, and one eats the
fly, along with the sweets.
Guru Nanak

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337409
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: JRunConfig Errorurl Not Working

2010-09-23 Thread Josh Walker


 Hello,
 
 I have another post on this message board that relates to this but I'm 
 creating a separate post because this is really just my attempt at a 
 temporary workaround for that problem and I think they are completely 
 separate issues.
 
 I am running ColdFusion 8 with Apache 2.2.3 on Linux.  In my Apache 
 configuration file I specified the following in my JRun configuration 
 area:
 
 JRunConfig Errorurl http://www.somedomain.com/error.cfm
 
 The page is accessible but for some reason when a JRun error occurs I 
 don't get redirected to the proper Errorurl.  I looked at the Apache 
 connector source code and found the following comment in the code that 
 handles the redirect:
 
 This code seems to work for IIS but not for any of the other web 
 servers.
 
 I have tried using domains that exist on the machine itself as well as 
 just trying to set the Errorurl to Google.com.
 
 Any insight would be appreciated.
 
 Thanks,
 John 


Did you ever figure this out? I'm having the same problem where it's not 
redirecting when JRun is down. Using CF9/Apache2.2.15. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337410
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: FW: CFGURU: bounce email extractor

2010-09-23 Thread Steve Bryant


Russ,

I have used Ray Camden's getEmail UDF as part of my process for handling 
bounces.
http://cflib.org/index.cfm?event=page.udfbyidudfid=928

You might also look into Brian Ghidinelli's  Email Bounce Detector for 
finding the bounces:
http://bouncedetector.riaforge.org/

Steve

Possibly a bit OTT, but i'm looking for a FREE script or tool, CFML, PHP,
Macro, don't care which, that will extract a list of email addresses from
bounced emails so I can remove them from my blogs mailing list. I have 200
odd bounces and don't want to process them manually J 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337411
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

JRunconfig Errorurl not working

2010-09-23 Thread Josh Walker


I'm having a hard time getting this redirect to work. I'm running CF9/Apache 
2.2.15 and in the JRun Settings for the Apache config I have are:

JRunConfig Errorurl http://localhost/serverDown.html

However, whenever JRun is down or starting up I still get the default error 
page. What am I missing??

Thanks. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337412
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RTFs from a Scheduled Task

2010-09-23 Thread Thomas Harper


We're trying with CF9 on Windows Server 2008 to generate RTF files with font 
information. So far, the approaches we've seen depend on going through a 
browser to a user's desktop. What we need it to do is be able to generate the 
RTF file via a scheduled task that will be run every 5 minutes or so onto the 
server so that it gets put into a print queue.

We've tried writing a straight text file with RTF font code but as it gets sent 
to the print queue the code just comes across as plain text. Is there a way to 
do make an RTF file without the browser? Thank you. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337413
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Using a CSV as a datasource (CF8)

2010-09-23 Thread Tim Claremont


To get this to work, I had to do something really hokey.

I created an Access database, and used a linked table to the actual text file. 
Works great. 

And no, I am not proud of this solution... 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337414
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RTF generation by a scheduled task

2010-09-23 Thread Thomas Harper


We're trying with CF9 on Windows Server 2008 to generate RTF files with font 
information. So far, the approaches we've seen depend on going through a 
browser to a user's desktop. What we need it to do is be able to generate the 
RTF file via a scheduled task that will be run every 5 minutes or so onto the 
server so that it gets put into a print queue.

We've tried writing a straight text file with RTF font code but as it gets sent 
to the print queue the code just comes across as plain text. Is there a way to 
do make an RTF file without the browser? Thank you. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337415
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate

2010-09-23 Thread Jacob Munson



 While I generally agree with that sentiment, ORM does the same thing on a
 more grand scale, and I haven't seen anyone railing against using that
 technology.


While I won't tell ORM fans that they shouldn't use ORM, I have done my fair
share of railing against ORM.  As others have said in this thread, I don't
like losing control over my SQL.  I used to think that ORM was just a crutch
for people that hate writing SQL (because they never took the time to
properly learn SQL).  While I still believe that is the case for some ORM
users (I won't name names, but I personally know a few developers that would
fit this description), I have since come to realize that there are many SQL
gurus out there that like to use ORM because of it's convenience, as well as
how tightly it can integrate with OO techniques and frameworks.  Personally,
I am not one of those people, but I won't say that ORM is bad and nobody
should use it.  To each his own.  :)


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337416
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Using CF to manage ads shown on Blogger


Next problem... To make the ad clickable and go to the correct website, I have 
an a href=link_router.cfm wrapping the image that is retrieved by the ad. 

The link_router.cfm simply looks for the last ad that was requested (the 
datetime stamp was updated in the ad table when it was requested). That link 
would be then  initially be that viewer's ad, but only for a short period of 
time, until the next person to view the blog page requested an ad image (the 
next one in the queue) and the datetime stamp changes. 

So, how can I assure that the correct link will be retrieved? 

Idea When the ad is requested, insert the ad id and the link along with a 
datetime stamp and the ip address that requested it. I'm not sure how accurate 
that would be if the user has an AOL browser.

Is there a better way? 

Thanks so much. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337417
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate

2010-09-23 Thread Justin Scott


 Some good points were made, on both sides. I am almost
 thinking about switching sides ... not.

The thing is that it's not really about sides it's about using the right
tools at the right times.  If you have a basic update/insert query that
doesn't have any special needs, I suppose using those tags could save some
time (esp. if you have a lot of those basic queries to write).  For queries
that need special care, rolling your own would likely be a better approach.
If you're CFC-heavy already then ORM might be a good choice.  Being a good
programmer shouldn't be about I always write my own SQL it should be about
using the most effective tool for the job at hand.  One of the things I love
about CF is that it gives you these options to choose from.


-Justin



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337418
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: RTF generation by a scheduled task

2010-09-23 Thread denstar

RTF files are plain text, so you can create them pretty easily.

If your attempts haven't worked so far, you're doing something wrong. :)

Back in the day, I would create an RTF template, and go from there.
Try creating an RTF that looks like how you want it, and put
placeholders in the spots you want to insert dynamic content.

Nowadays, I just use JasperReports, and export in RTF using
cfjasperreport (a tag I wrote for generating jasperreport reports from
CF).

JasperReports is WICKED COOL for doing reports. Beats the pants off
of ReportBuilder, etc.. Cross platform y todo.

:Den

--
A casual stroll through the lunatic asylum shows that faith does not
prove anything.
Friedrich Nietzsche

On Thu, Sep 23, 2010 at 12:52 PM, Thomas Harper wrote:

We're trying with CF9 on Windows Server 2008 to generate RTF files with font
information. So far, the approaches we've seen depend on going through a
browser to a user's desktop. What we need it to do is be able to generate the
RTF file via a scheduled task that will be run every 5 minutes or so onto the
server so that it gets put into a print queue.

We've tried writing a straight text file with RTF font code but as it gets
sent to the print queue the code just comes across as plain text. Is there a
way to do make an RTF file without the browser? Thank you.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337419
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: running requests longer than request timeout


Native threads cannot be killed and will hang about until complete. You can
find more info on the from website and list.

Russ

On 23 Sep 2010 03:28, Richard Steele r...@photoeye.com wrote:


On CF8 Enterprise, we have set the request timeout to 30 seconds. However,
in Fusion Reactor the request is continuing on way past that time for
certain threads. Why is the request timeout not working? Thanks in advance. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337420
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: running requests longer than request timeout


Is there automated anyway to kill those threads? Thanks in advance. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337421
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: cfinsert/cfupdate


 The thing is that it's not really about sides it's about
 using the right
 tools at the right times.  

The remark about sides was intended as sarcasm ;) ie Conversations about 
cfinsert/cfupdate tend to lean towards the passionate side. I was totally 
serious when I said some good points were made on both sides. Having said that, 
personally, I do not use those tags. Nor do I see myself using them  in the 
future. They just do not provide enough flexibility for most (if not all) of my 
applications. 


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337422
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Using CF to manage ads shown on Blogger

2010-09-23 Thread Raymond Camden

If you look at how Harlan does it (harlan.riaforge.org), you embed a
JS into your site. The JS points to a CFM file. The output of that is
JS that writes out the HTML for both the image and link at the same
time.

On Thu, Sep 23, 2010 at 3:10 PM, Richard Steele r...@photoeye.com wrote:

Next problem... To make the ad clickable and go to the correct website, I
have an a href=link_router.cfm wrapping the image that is retrieved by
the ad.

The link_router.cfm simply looks for the last ad that was requested (the
datetime stamp was updated in the ad table when it was requested). That link
would be then initially be that viewer's ad, but only for a short period of
time, until the next person to view the blog page requested an ad image (the
next one in the queue) and the datetime stamp changes.

So, how can I assure that the correct link will be retrieved?

Idea When the ad is requested, insert the ad id and the link along with a
datetime stamp and the ip address that requested it. I'm not sure how
accurate that would be if the user has an AOL browser.

Is there a better way?

Thanks so much.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337423
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: running requests longer than request timeout


nope, even FR cannot kill them automatically, you have to force thread
death.

On Thu, Sep 23, 2010 at 9:37 PM, Richard Steele r...@photoeye.com wrote:


 Is there automated anyway to kill those threads? Thanks in advance.

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337424
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Using CF to manage ads shown on Blogger


If you look at how Harlan does it (harlan.riaforge.org), you embed a
JS into your site. The JS points to a CFM file. The output of that is
JS that writes out the HTML for both the image and link at the same
time.

On Thu, Sep 23, 2010 at 3:10 PM, Richard  Steele r...@photoeye.com wrote:


Awesome! Thanks Ray. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337425
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

coldfusion 8 split word in array of letters

2010-09-23 Thread Brian FitzGerald


Hey all,

In CF9, this splits a word into an array of letters:

cfset myArr = listToArray(myWord, ) /

However, unless I'm crazy, this doesn't work in CF8.  Can anyone tell me how to 
easily split a word into an array of letters in CF8?

Thanks for any insight,
Brian 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337426
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

IIS7 404 handler/URL Rewrite...

2010-09-23 Thread Eric Roberts


Any ideas on using IIS7's requite with a dynamic CF page?  We have a 404
handler that has been handling this...basically the user friendly url comes
in, the 404 handler looks up the name in the db and returns an ID in a url
that the site understands and forwards to that page...or redirects to an
actual 404 error page.  For some reason, IIS7 doesn't seem to like this...it
returns a 404.0 not found error(404, 404.2 and 404.3 are defined).  So I
came up with the idea of taking advantage of IIS7's rewrite.  This seems to
use the web.config file.  Is there a way to dynamically do this with data
from the DB?  Thanks!

Eric


BTW...Thanks Ben Nadel, Ray Camden, and Leigh for your either direct or
indirect assistance with the dynamic image writing!


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337427
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters

2010-09-23 Thread Brian FitzGerald


Ah, I had forgotten that cf strings are java string objects under the hood.  
Calling myString.split() splits each letter of the word into an array.

I noticed that this does, however, insert an empty element into the first 
position in the array, which was undesirable.  To address this, I found a post 
by Brian Rinaldi which mentioned a udf on cflib.org called arrayCompact (link 
below) which removed the unwanted empty element in the array.

Anyway, thanks, I just wanted to post this reply for future reference in case 
anyone else has this problem.

Best,
Brian

http://www.cflib.org/index.cfm?event=page.udfbyidudfid=1564



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337428
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


You could also just loop from one to the length of the string. Then use mid() 
to populate an array. Not as elegant as split(), but it is documented ;)

 Ah, I had forgotten that cf strings are java string objects
 under the hood.  Calling myString.split() splits each
 letter of the word into an array.

Just be aware the result of split() is not technically a CF array. So it may 
not behave the way you might expect with some array functions. But since you 
passing the result into arrayCompact, which does return a CF array, that is not 
an issue here.


-Leigh



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337429
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters

2010-09-23 Thread Brian FitzGerald


Hey Leigh, it's very interesting that you mention that about the Java array.  
In fact, because it was a Java array, I was using the techniques outlines by 
the ever helpful Ben Nadel in this post (link below) to convert it back to a CF 
array.

After your comments however, I took the conversion piece of code out and just 
sent the Java array into the arrayCompact function and things still work ok, 
with a CF array being returned from the function.  This surprises me to a 
certain extent as the arrayCompact function is indeed calling a few CF specific 
functions on the passed in array, which I would have expected to blow up 
without the conversion prior to passing the array in.  I guess it's simply the 
case that some CF functions are supported on Java arrays (arrayToList for 
example) while others are not (arrayAppend as an example).

Anyway, things are working now and I do appreciate you taking the time to 
comment.

Best,
Brian

http://www.bennadel.com/blog/760-Converting-A-Java-Array-To-A-ColdFusion-Array.htm
 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337430
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


 I guess it's simply the case that some CF functions are supported 
 on Java arrays (arrayToList for example) while others are not
 (arrayAppend as an example).


Exactly. The ones that will fail are probably all ones that modify arrays. As 
mentioned in Ben's entry, the java arrays are immutable. So any attempt to 
change them causes an exception. Great entry though (not at all surprising ;)

Anyway, it is always good to be aware of the nuances. 

Cheers
Leigh


  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337431
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

WSDL / XML / String help

2010-09-23 Thread Doug Ford


Hi folks - 

Hopefully somebody can point me in the right direction. ;-)

I am trying to use this WSDL/web service: (the following has been edited for 
security) ;-)

cfinvoke webservice=myURL/my_api.cfc?wsdl method=GetUserProfile 
returnvariable=temp1
 cfinvokeargument name=wsID value=1
 cfinvokeargument name=customerid value=1
 cfinvokeargument name=userid value=1
/cfinvoke




And when I do this:  cfdump var=#temp1#

I get this:

?xml version=1.0 encoding=utf-8? 
soap:Envelope xmlns:soap=http://schemas.xmlsoap.org/soap/envelope/; 
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; 
xmlns:xsd=http://www.w3.org/2001/XMLSchema; 

soap:Body 
GetUserProfileResponse xmlns=http://tempuri.org/; 
GetUserProfileResult 
user 
UserID1/UserID 
firstNameA/firstName 
lastNameA/lastName 
emaila...@blah.com/email 
/user 
/GetUserProfileResult 
/GetUserProfileResponse 
/soap:Body 
/soap:Envelope


When it gets returned to me, it's a string.
Any attempts to loop over it like an array gives me errors messages.

When I just output it, I just get the info found in the user section.




Is there a process, method, or something that allows me to pull apart that 
text, and grab the pieces I need out of it?

Is there anyway to say cfset fn = temp1.GetUserProfileResult.user.firstname

When I try that it fails.

Anybody have any suggestions?

Thanks,

Doug 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337432
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: WSDL / XML / String help


Use xmlParse() to convert the string to an xml document. The results will be 
under envelope.body 

cfset resultXML = xmlParse(temp1)
cfset baseXML = resultXML.Envelope.body
cfoutput
#baseXML.GetUserProfileResponse.GetUserProfileResult.user.firstname.xmlText#
/cfoutput



  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337433
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: WSDL / XML / String help

2010-09-23 Thread Doug Ford


 Use xmlParse() to convert the string to an xml document. The results 
 will be under envelope.body 
 
 cfset resultXML = xmlParse(temp1)
 cfset baseXML = resultXML.Envelope.body
 cfoutput
 #baseXML.GetUserProfileResponse.GetUserProfileResult.user.firstname.
 xmlText#
 /cfoutput
 
 
 

Hi Leigh - 

Thanks for your suggestion, but that's what I thought also.

Since the info that I get back into temp1 is a string, most if not all XML 
functions don't work.

I cut and pasted your text and got this:

 An error occured while Parsing an XML document.
The processing instruction target matching [xX][mM][lL] is not allowed. 


Thanks,

Doug


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337434
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


OT: Or slightly anyway. How do you alter an array in Java? I'm completely
unfamiliar with Java so maybe that's a dumb question. And I know I could
Google it but I'll probably spend two hours reading and not get as concise
an answer as I'd get here in a few sentences.

On Thu, Sep 23, 2010 at 8:22 PM, Leigh cfsearch...@yahoo.com wrote:


  I guess it's simply the case that some CF functions are supported
  on Java arrays (arrayToList for example) while others are not
  (arrayAppend as an example).


 Exactly. The ones that will fail are probably all ones that modify arrays.
 As mentioned in Ben's entry, the java arrays are immutable. So any attempt
 to change them causes an exception. Great entry though (not at all
 surprising ;)

 Anyway, it is always good to be aware of the nuances.

 Cheers
 Leigh




 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337435
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: WSDL / XML / String help


Make sure you trim() the string first. Excess white space often makes 
xmlParse() choke.



  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337436
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


 OT: Or slightly anyway. How do you alter an array in Java?
 I'm completely
 unfamiliar with Java so maybe that's a dumb question. And I
 know I could
 Google it but I'll probably spend two hours reading and not
 get as concise
 an answer as I'd get here in a few sentences.


Java arrays are a little different than CF arrays. You have to declare a java 
array's size up front. Once declared, the array is immutable. So unlike in CF, 
you cannot append elements or remove them. You can only change the values of 
existing elements.  

So it is not really what we think of as an array in CF terms. When you think 
CF array, think java List. ie A modifiable collection of elements. Because 
that is essentially what it is internally: a java.util.List




  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337437
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


Phenomenal answer. Thanks!
So would a Java dev just declare a new array one index larger than the old
one when adding items? Or would one not use arrays for the same purposes in
Java?

I promise I don't intend on tricking you into teaching me Java through an OT
cf-talk thread.

On Thu, Sep 23, 2010 at 9:06 PM, Leigh cfsearch...@yahoo.com wrote:


  OT: Or slightly anyway. How do you alter an array in Java?
  I'm completely
  unfamiliar with Java so maybe that's a dumb question. And I
  know I could
  Google it but I'll probably spend two hours reading and not
  get as concise
  an answer as I'd get here in a few sentences.


 Java arrays are a little different than CF arrays. You have to declare a
 java array's size up front. Once declared, the array is immutable. So unlike
 in CF, you cannot append elements or remove them. You can only change the
 values of existing elements.

 So it is not really what we think of as an array in CF terms. When you
 think CF array, think java List. ie A modifiable collection of elements.
 Because that is essentially what it is internally: a java.util.List






 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337438
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: cfinsert/cfupdate


On Thu, Sep 23, 2010 at 3:02 PM, Jacob Munson yacoub...@gmail.com wrote:


 That said, this does not work if you don't use cfqueryparams for
 everything.  For example, this query would NOT be a prepared statement (from
 what I understand):

 cfquery name=bday datasource=#myDSN#
    select birthDate
    from familyGroups
    where child = cfqueryparam value=#form.children#
 cfsqltype=cf_sql_varchar
    and stillMinor = 1
 /cfquery

Actually that is most definatley NOT true.  If you run the same query
again with a different value for #form.children#, it will use the
prepared statement ... but if you were to run it with a different
value for stillMinor, it would create a NEW prepared statement.

So if you're always running the query with stillMinor=1 then you
don't need to put the 1 in a cfqueryparam, you still get all the
benefits of the behind the scenes stuff that CF does.

BTW if you ever really want to see what coldfusion is sending to the
database, and you're using SQL Server, turn on SQL Profiler.  It's
some crazy shit

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337439
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


 So would a Java dev just declare a new array one index
 larger than the old
 one when adding items? Or would one not use arrays for the
 same purposes in
 Java?

Yes, they tend to be used differently. If you expect to be adding or removing 
elements frequently, you probably would not use a java array at all. But would 
select an object like a List, that is designed to change size. There are no 
absolutes, but typically if you would select an array for something in CF .. 
in java you would use a List instead.  (Because that is what CF arrays really 
are anyway ..  ;-)



  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337440
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


Cfset mySTring = This is fun
cfset myArray = mySTring.split('')
cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x
cfoutputPosition #x# = #myArray[x]#br//cfoutput
/cfloop

Yes, it's THAT easy.  If you run the code above you'll see this:

Position 1 =
Position 2 = T
Position 3 = h
Position 4 = i
Position 5 = s
Position 6 =
Position 7 = i
Position 8 = s
Position 9 =
Position 10 = f
Position 11 = u
Position 12 = n

Note that the first element is an empty string.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337441
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


The following is less code but would it execute slower because of the mid?
I can't test right now.

cfset myString = This is funner /
cfloop from=1 to=#len(myString)# index=x
   cfoutputPosition #x# = #mid(myString,x,1)#br//cfoutput
/cfloop

On Thu, Sep 23, 2010 at 9:28 PM, Rick Root rick.r...@gmail.com wrote:


 Cfset mySTring = This is fun
 cfset myArray = mySTring.split('')
 cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x
cfoutputPosition #x# = #myArray[x]#br//cfoutput
 /cfloop

 Yes, it's THAT easy.  If you run the code above you'll see this:

 Position 1 =
 Position 2 = T
 Position 3 = h
 Position 4 = i
 Position 5 = s
 Position 6 =
 Position 7 = i
 Position 8 = s
 Position 9 =
 Position 10 = f
 Position 11 = u
 Position 12 = n

 Note that the first element is an empty string.

 Rick

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337442
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


This isn't the point though.  He wants to convert a string to an array
of letters. =)  The output is just an example.

Rick


On Thu, Sep 23, 2010 at 9:33 PM, Michael Grant mgr...@modus.bz wrote:

 The following is less code but would it execute slower because of the mid?
 I can't test right now.

 cfset myString = This is funner /
 cfloop from=1 to=#len(myString)# index=x
       cfoutputPosition #x# = #mid(myString,x,1)#br//cfoutput
 /cfloop

 On Thu, Sep 23, 2010 at 9:28 PM, Rick Root rick.r...@gmail.com wrote:


 Cfset mySTring = This is fun
 cfset myArray = mySTring.split('')
 cfloop from=1 to=#ArrayLen(myArray)# step=1 index=x
        cfoutputPosition #x# = #myArray[x]#br//cfoutput
 /cfloop

 Yes, it's THAT easy.  If you run the code above you'll see this:

 Position 1 =
 Position 2 = T
 Position 3 = h
 Position 4 = i
 Position 5 = s
 Position 6 =
 Position 7 = i
 Position 8 = s
 Position 9 =
 Position 10 = f
 Position 11 = u
 Position 12 = n

 Note that the first element is an empty string.

 Rick



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337443
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


Oh and Leigh is correct, you can't manipulate the resulting Array from
calling the .split() method on a string.. ie, neither of these work:

cfset ArrayAppend(myArray,Y)
cfset myArray.push(' ')

The latter doesn't work because apparently, java arrays have no push method :)

Apparently, that's the perl programmer in me.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337444
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: running requests longer than request timeout


On Thu, Sep 23, 2010 at 5:28 PM, Russ Michaels r...@michaels.me.uk wrote:

 nope, even FR cannot kill them automatically, you have to force thread
 death.

and in Fusion Reactor Enterprise, that's often not an option and it
pretty much never works - because Fusion Reactor is java, and java
cannot kill native OS threads.

What's a native thread, you ask?

Anything communicating with a socket (like database I/O) .. file I/O
maybe?  Even sending data to the client or receiving data from the
client.

Rick

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337445
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


Personally, I would not worry about speed prematurely. Not unless you have a 
very large string.  So for normal stuff, I would probably use that approach (ie 
MID combined with ArrayAppend). 



  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337446
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: coldfusion 8 split word in array of letters


 typically if you would select an array for something in CF .. in java  
 you would use a List instead.  

That statement is probably a little too broad. What I meant was, for CF tasks 
requiring resizable arrays .. you would probably use a List type object in 
java.

-Leigh


  

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:337447
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: RTF generation by a scheduled task